Conclusion: Business leaders should convert recent global interest in AI applications, safety and effectiveness into AI governance guidelines in the exercise of their triple bottom line responsibilities (for profit, social responsibility and sustainability) as outlined in IBRS research note, “The emerging need for IT governance in artificial intelligence”¹.

AI includes a very broad range of technologies being applied in virtually all industries. This means that the use of AI in both IT and operational technologies² (OT) requires C-level attention and supervision.

Conclusion: This month, discussions regarding digital transformation efforts have been prominent. Plans to upgrade, improve and modernise internal ICT frameworks are critical for effective value creation and faster results delivery. Customers need to invest in technological change in order to establish a set of digital products which address stakeholder needs and integrate with business operations and functions. Customers often struggle with identifying and evaluating vendor risks and establishing appropriate audits and controls for service providers. Whilst customers are familiar with issues such as contract compliance and security, obtaining a managed service provider with a deeper understanding of business requirements can be difficult. However, this understanding is critical when developing digital transformation solutions, and vendors need to augment skills, develop more detailed strategies and address concerns specific to particular customers in order to deliver business value during digital transformation efforts.

Conclusion: The foreseeability of cyber incidents is widely accepted, but many organisations still have not done the work to identify their own exposures and ascertain what they would do in a crisis. The openness of shipping giant Maersk in talking about the impact of the NotPetya malware on the organisation should be viewed through the lens of “what would that look like if it happened to us?” The business impact of NotPetya on Maersk is clear, but so too are many of the risk mitigations that should be put in place before a cyber incident – and many of these are not directly related to technology. Finally, risk management is just as much about recovering from an incident as trying to prevent one.

Conclusion: Project management in organisations is commonplace. Reviews are often undertaken at the end of the project to gain learnings for future projects. Project reviews completed during the life of a project need to include appropriate stakeholder groups and target assessment at the appropriate focus areas. Active and inclusive review and assurance activities need to be well understood and supported within the organisation so that they are not viewed as an exam that needs to be prepared for and passed. Applying reviews and assurance only as a process checkpoint is ineffective and will not ensure quality project delivery.

Conclusion: BYOD strategies need to be updated regularly to keep pace with the evolving nature of not just the devices themselves but also the increasing challenges and complexity of staying secure; all this needs to occur while offering increasingly flexible services to a 24/7 mobile workforce operating on-premises and offline. It is valuable to engage key stakeholders within the organisation’s leadership team, employee champions and also industry peers to ensure the BYOD strategies are as relevant and acceptable as initially reported in an earlier IBRS article in 2008¹ when personal electronic devices (PED) were being introduced into corporate networks.

Conclusion: The forthcoming General Data Protection Regulation (GDPR) is new legislation being introduced by the European Union, which does have ramifications for organisations worldwide.

Being new, there is still a lot to be learned about what exactly some of the specific requirements will mean in practice and how they will impact organisations in being able to show that they have understood and completely complied with the regulation.

To establish a defensible position on whether or not they have complied, organisations will need to develop an understanding of the specific requirements, and of how exactly they have implemented “technical and organisational measures to show that they have considered and integrated data protection into their processing activities”¹.

Conclusion: Although online digital platforms are in ready supply, organisations remain unable to avoid the receipt of critical information in the form of paper documents or scanned images. Whether from government, suppliers or clients, organisations are faced with written correspondence, typed material, completed forms or signed documents that must be consumed. For a variety of reasons, it may be unreasonable or impractical to expect this information to be sent in machine-readable form.

However, machine-readable content from incoming information, both past and future, is emerging as a prerequisite to exploit artificial intelligence and machine learning as part of digital transformation. Therefore, organisations need to re-examine their data ingestion strategies and move proactively to the use of optical character recognition on incoming paper- and scanned image-based information.